[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Phase 1 KB lifetime

To: Andrew Krywaniuk <akrywaniuk@TimeStep.com>
Subject: Re: Phase 1 KB lifetime
From: Dan Harkins <dharkins@network-alchemy.com>
Date: Wed, 19 Jan 2000 17:38:32 -0800
cc: ipsec@lists.tislabs.com
In-reply-to: Your message of "Wed, 19 Jan 2000 19:52:28 EST." <319A1C5F94C8D11192DE00805FBBADDF0110A42D@exchange>
Sender: owner-ipsec@lists.tislabs.com

On Wed, 19 Jan 2000 19:52:28 EST you wrote
> 
> But if you:
> 
> 1. State that "It is _never_ a good idea to just enforce a lifetime without
> telling the peer".
> 	AND
> 2. Agree that lifetime constraints are a component of policy.
> 	AND
> 3. Want to remove the definition of the kb lifetime magic number from IKE.
> 
> ...then like it or not you ARE legislating policy.

No I'm not. You can delete phase 1 SAs based on any arbitrary occurance you 
like-- phases of the moon, closing stock price of NN, whatever. Note that
none of these have magic numbers in IKE. The question was raised (not by me
I might add) to move kilobyte lifetime for phase 1 to the pile of other 
arbitrary occurances that don't really make sense and therefore do not have 
magic numbers assigned.

I really would like to legislate the word "policy" (also known as the "p-word")
out of discussions on the protocol though. My illustrated dictionary has a 
picture of a rat hole next to the definition of "policy".

  Dan.

References:

RE: Phase 1 KB lifetime

From: Andrew Krywaniuk <akrywaniuk@TimeStep.com>

Prev by Date: RE: Phase 1 KB lifetime
Next by Date: Re: Bruce Schneier on IPsec
Prev by thread: RE: Phase 1 KB lifetime
Next by thread: RE: Phase 1 KB lifetime
Index(es):
- Main
- Thread